Closed
Bug 1715151
Opened 3 years ago
Closed 3 years ago
Crash in [@ mozilla::a11y::HTMLLIAccessible::BoundsInAppUnits]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
91 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox89 | --- | unaffected |
| firefox90 | + | fixed |
| firefox91 | + | fixed |
People
(Reporter: kbrosnan, Assigned: eeejay)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/982acccd-8d95-42da-9dd0-0d4100210607
Reason: SIGSEGV /SEGV_MAPERR
Top 10 frames of crashing thread:
0 libxul.so mozilla::a11y::HTMLLIAccessible::BoundsInAppUnits const accessible/html/HTMLListAccessible.cpp:58
1 libxul.so mozilla::a11y::LocalAccessible::Bounds const accessible/generic/LocalAccessible.cpp:694
2 libxul.so mozilla::a11y::DocAccessibleWrap::HandleAccEvent accessible/android/DocAccessibleWrap.cpp:76
3 libxul.so nsEventShell::FireEvent accessible/base/nsEventShell.cpp:43
4 libxul.so mozilla::a11y::DocAccessible::DispatchScrollingEvent accessible/generic/DocAccessible.cpp:2773
5 libxul.so mozilla::a11y::RootAccessible::HandleEvent accessible/generic/RootAccessible.cpp:236
6 libxul.so {virtual override thunk}
7 libxul.so mozilla::EventListenerManager::HandleEventSubType dom/events/EventListenerManager.cpp:1114
8 libxul.so mozilla::EventListenerManager::HandleEventInternal dom/events/EventListenerManager.cpp:1305
9 libxul.so mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:487
Severity: -- → S2
|
Reporter | |
Comment 1•3 years ago
|
||
[Tracking Requested - why for this release]: possible crash regression.
status-firefox89:
--- → unaffected
status-firefox90:
--- → affected
status-firefox91:
--- → affected
tracking-firefox90:
--- → ?
tracking-firefox91:
--- → ?
Keywords: regression
|
||
Updated•3 years ago
|
|
|
||
Comment 2•3 years ago
|
||
20210505095249 looks to be the first Fenix/GV buildid with this crash.
|
||
Updated•3 years ago
|
Has Regression Range: --- → yes
|
Assignee | |
Comment 4•3 years ago
|
||
I'm not sure in what markup/style scenario a list item accessible
wouldn't have a frame, but would have a bullet. Apparently that can
happen in the wild. Added an assertion, hopefully we can trip it on
something reproducable in the future.
|
||
Updated•3 years ago
|
Assignee: nobody → eitan
Status: NEW → ASSIGNED
Pushed by eisaacson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/700fc3dd5142
Check if we have a frame for HTMLLIAccessible when getting bounds. r=morgan
|
||
Comment 6•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
|
||
Updated•3 years ago
|
status-firefox-esr78:
--- → unaffected
|
|
||
Comment 7•3 years ago
|
||
Please request beta uplift when you get a chance.
|
|
||
Updated•3 years ago
|
Flags: needinfo?(mreschenberg)
|
||
Comment 8•3 years ago
|
||
Comment on attachment 9226193 [details]
Bug 1715151 - Check if we have a frame for HTMLLIAccessible when getting bounds. r?morgan
Beta/Release Uplift Approval Request
- User impact if declined: If declined, users may continue to see crashes when they encounter bullets without frames in the wild.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce: We aren't sure how to reproduce this crash, so unfortunately we can't ask for a test here :(
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This patch adds a null check before querying the frame's bounds. It also includes an assertion so we can (hopefully) figure out what kinds of HTML users are encountering in the wild that produces a bullet but no frame.
- String changes made/needed:
Flags: needinfo?(mreschenberg)
Attachment #9226193 -
Flags: approval-mozilla-beta?
|
|
||
Updated•3 years ago
|
Flags: needinfo?(eitan)
|
|
||
Comment 9•3 years ago
|
||
Comment on attachment 9226193 [details]
Bug 1715151 - Check if we have a frame for HTMLLIAccessible when getting bounds. r?morgan
approved for 90.0b11
Attachment #9226193 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 10•3 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•